diff options
| author |   Florian Westphal <fw@strlen.de> | 2017-04-19 18:14:04 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-26 09:30:21 +0200 |
| commit | 1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39 (patch) | |
| tree | 0d3eee75eef102d294995a7ccca05bf7406c8c51 /include/net | |
| parent | netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14 (diff) | |
| download | wireguard-linux-1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39.tar.xz wireguard-linux-1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39.zip | |
netfilter: synproxy: only register hooks when needed
Defer registration of the synproxy hooks until the first SYNPROXY rule is
added. Also means we only register hooks in namespaces that need it.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_synproxy.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_synproxy.h b/include/net/netfilter/nf_conntrack_synproxy.h index b0ca402c1f72..a2fcb5271726 100644 --- a/include/net/netfilter/nf_conntrack_synproxy.h +++ b/include/net/netfilter/nf_conntrack_synproxy.h @@ -52,6 +52,8 @@ struct synproxy_stats { struct synproxy_net { struct nf_conn *tmpl; struct synproxy_stats __percpu *stats; + unsigned int hook_ref4; + unsigned int hook_ref6; }; extern unsigned int synproxy_net_id; |